A vulnerability has been found in the web version of Google photos which lets malicious websites access the sensitive information related to the photos such as date and geographic coordinates.
On the basis of this metadata information of your photos, they will be tagged by Google photos automatically.
The metadata of any photo allows details to be moved along with the photograph file which is readable by end users, hardware and software.
How the Hack Functions
To begin with, the hackers have to befool the user and trick him into accessing the malicious website while he is logged into his Google Photos account.
As soon as the malicious website opens in the web browser, it generates answers to the questions the attacker has by stealthily generating requests to the Google Photos search endpoint.
As stated in a report by Imperva, the hacker can keep a record of the queries which have been already asked and resume the process from there on upon your next visit onto any of his infectious websites.
Reportedly, the vulnerability has been patched by Google after Imperva brought it to their knowledge.